Zurück zur CVE-Übersicht
CVE-2008-4250
CRITICAL(9.8)KEV — Aktiv ausgenutztCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score82/100 — KRITISCH
- CVSS 9.8 — Kritisch
- EPSS 92% — sehr wahrscheinlich ausgenutzt
- Im CISA KEV-Katalog (aktiv ausgenutzt)
Erwähnungen (letzte 60 Tage)
Artikel
CISA KEV
Bestätigt ausgenutzt
EPSS-Score
92%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Referenzen
- http://blogs.securiteam.com/index.php/archives/1150
- http://marc.info/?l=bugtraq&m=122703006921213&w=2
- http://secunia.com/advisories/32326
- http://www.kb.cert.org/vuls/id/827267
- http://www.securityfocus.com/archive/1/497808/100/0/threaded
- http://www.securityfocus.com/archive/1/497816/100/0/threaded
- http://www.securityfocus.com/bid/31874
- http://www.securitytracker.com/id?1021091
- http://www.us-cert.gov/cas/techalerts/TA08-297A.html
- http://www.us-cert.gov/cas/techalerts/TA09-088A.html